horizon/releasenotes/notes/bug-cd9099c1ba78d637.yaml

8 lines
283 B
YAML

---
security:
- |
An open redirect has been fixed, that could redirect users to arbitrary
addresses from certain views by specifying a "next" parameter in the URL.
Now the redirect will only work if the target URL is in the same domain,
and uses the same protocol.